yum plugin suggestion or yum change?

Nicolas Mailhot nicolas.mailhot at laposte.net
Mon Dec 5 23:49:29 UTC 2005 

Jeff Spaleta wrote:
> On 12/5/05, Nicolas Mailhot <nicolas.mailhot at laposte.net> wrote:
>> Jeff Spaleta wrote:
>> MS reasons for holding back some stuff are not applicable to Fedora.
>> Fedora userbase is not segmented between legitimate users (which can get
>> full updates by going through a portal) and freeloaders (which MS would
>> dearly love to leave in the dust, but can not for PR reasons).
> 
> I make no claim as to why MS does anything... you brought up MS not
> me. But I thank you for the lesson in conspiracy theory.

It's not a conspiracy theory it's a well documented fact.
MS started by pulling updates from windows copies.
When people complained this would create a pool of future zombies and
threatened to sue MS, MS restored auto-updates for everyone but
restricted them to security stuff.

...

> I feel that users who rely on auto-updating for security would get a
> false sense of security by auto-updating without there being a
> notifcation mechanism to clearly notify the user of unapplied security
> updates asap. I believe that a false sense of security can be more
> dangerous than actual insecurity because a false sense of security
> will embolden some people to take risks they otherwise would not if
> they knew their were vulnerable.  Feel free to disagree.

Again, your concern is touching but you've thoroughly lost touch with
what a real user is. A real user does not read error messages. Apps must
to the best job they can without bothering the user.

The typical blunder is an app writer which adds a warning popup to its
app to make people check some stuff instead of automating the checking
(because he's not sure the automated check will work in 100% of cases).
Now most users will just click through so the check is not done at all,
and apps crash.

The real false sense of security is not users not acting because they're
not warned enough, but app writers considering that they just have to
dump a particularly evil warning on users to make them do the difficult
stuff. USERS DO NOT CARE. If you want stuff to be done, automate it and
never rely on users. Even if you only do 60% of the problem space that's
60% more of what you'll achieve with a user warning (most of the times,
power users excepted).

Now, in this particular case, if you really trust warnings you can do a
partial update then print the packages still to be updated (in bold
blinking red with copy to the root mail account if you want to).

But the truth is users get used to warnings real quick, so if you
actually want this to be effective you'd better not do it every single
time you hit a partially updated mirror. Users that get yelled at all
week round by apps either
1. do not care anymore (mostly young people) or,
2. are terrified of clicking on any new button since it will trigger new
abuse (older people)

If making people do stuff was that easy carpet-bombing add campaigns
would not exist.

-- 
Nicolas Mailhot

More information about the fedora-devel-list mailing list